Microsoft Can't Claim Victory in Security Battle

**Glaswegian** · 06-30-2008, 01:55 PM

Nearly six and a half years ago, in the aftermath of the 9/11 terrorist attacks and amid concerns about growing online security threats, Bill Gates sent out a companywide e-mail at Microsoft Corp. that some people consider his most important internal memo ever.

Titled "Trustworthy Computing," the Jan. 15, 2002, missive stressed the need for Microsoft to focus on building more-secure products. "As an industry leader, we can and must do better," Gates wrote.

As Gates officially retires from his job at Microsoft, he leaves behind a company that by most accounts is doing better on security. But fully convincing users of that is an elusive goal. And increasing competition from Web 2.0 and software-as-a-service (SaaS) vendors is posing new challenges for the security development model implemented after Gates wrote his memo.

The memo set in motion a series of fundamental changes at Microsoft. It led to the creation of the company's Security Development Lifecycle (SDL) process, which was meant to ensure that flaws would be caught during development — not after products were released. Millions of dollars were spent to put every developer through SDL training, and work on Windows was shut down for 10 weeks while the training was done.

http://www.computerworld.com/action/...ce=rss_topic17

06-30-2008, 01:55 PM	#1 (permalink)
Glaswegian Moderator/ Rangemaster TSF Academy; Analyst, Security Team; Oor Wullie; TSF Surgeon and Resident Comic Join Date: Sep 2005 Location: Glasgow Posts: 21,381 OS: Win XP Pro SP3 My System Blog Entries: 10	Microsoft Can't Claim Victory in Security Battle Nearly six and a half years ago, in the aftermath of the 9/11 terrorist attacks and amid concerns about growing online security threats, Bill Gates sent out a companywide e-mail at Microsoft Corp. that some people consider his most important internal memo ever. Titled "Trustworthy Computing," the Jan. 15, 2002, missive stressed the need for Microsoft to focus on building more-secure products. "As an industry leader, we can and must do better," Gates wrote. As Gates officially retires from his job at Microsoft, he leaves behind a company that by most accounts is doing better on security. But fully convincing users of that is an elusive goal. And increasing competition from Web 2.0 and software-as-a-service (SaaS) vendors is posing new challenges for the security development model implemented after Gates wrote his memo. The memo set in motion a series of fundamental changes at Microsoft. It led to the creation of the company's Security Development Lifecycle (SDL) process, which was meant to ensure that flaws would be caught during development — not after products were released. Millions of dollars were spent to put every developer through SDL training, and work on Windows was shut down for 10 weeks while the training was done. http://www.computerworld.com/action/...ce=rss_topic17 __________________ Iain - Defender of the Haggis and all things Scottish. I don't help by PM - post in the Forums. Ad-Aware::SpywareBlaster::SpyBot::SpywareGuard::SnoopFree::AVG Free::HOSTS File::HijackThis::Donate::5 Steps For Infected PCs